Skip to content
English
HiJiffy.com
  • There are no suggestions because the search field is empty.

Where to show your privacy information

A channel-by-channel checklist, from your website widget to WhatsApp.

To use HiJiffy compliantly, guests should be able to find clear privacy information wherever data is collected. The good news: you probably already have most of this. The job is usually to review what exists and fill the gaps, not to write everything from scratch.

Tip: Quick check of your current privacy policy. Does it:

  • say you use a chatbot or virtual assistant for service and guest communications?

  • list the data collected through it (chat messages, name, email, phone, booking details, device and IP)?

  • name your messaging provider (HiJiffy) as a service provider acting as processor?

  • list the channels you actually use (web chat, WhatsApp, Messenger, Instagram, Telegram, SMS, email)?

  • explain how guests exercise their rights and opt out?

Anything you answer "no" to is what you need to add.

Your website

If your privacy policy does not yet cover the assistant, add a short section. Here is a starting point you can shorten or expand.

Example to adapt: "Guest messaging and virtual assistant. Our website and messaging channels use a virtual assistant and guest-communication tools provided by HiJiffy, S.A. ('HiJiffy'), acting as our service provider (data processor). When you use our chat or receive messages from us, we and HiJiffy may process your chat messages, name, email address, phone number, booking details, and technical data such as your device, browser and IP address. We use this to answer your questions, manage your reservation and communicate with you across channels such as web chat, WhatsApp, Facebook Messenger, Instagram, Telegram, SMS and email. HiJiffy processes this data only on our instructions and does not use it for its own purposes."

Booking and online check-in

By the time a guest books, they are usually already accepting your terms and privacy notice. So the job here is to review what those already cover, not to add something by default. Many booking terms already mention communications about the reservation, but some are email-only or do not name a channel at all. Check yours, and if a channel is missing, make it explicit.

Example to adapt (transactional notice at checkout): "By completing this booking, you agree that we may contact you about your reservation by email, SMS and WhatsApp, for example to send your confirmation, check-in details and updates. See our Privacy Policy."

If you also plan to send promotional messages later, collect a separate, optional marketing opt-in. Keep it unticked and distinct from the booking itself.

Example to adapt (marketing opt-in, unticked): "☐ Yes, I would like to receive offers, upgrades and local tips from [Property name] by email, SMS or WhatsApp. This is optional and you can unsubscribe at any time."

OTAs (Booking.com, Expedia)

Properties do not have privacy pages on OTAs, and that is expected. We integrate with Booking.com and Expedia through their official APIs and direct contracts, so messaging on those channels runs inside the OTAs' own vetted privacy frameworks.

WhatsApp Business profile

WhatsApp has no field literally called "Privacy Policy," but your official Business Profile (in Meta Business Manager, under WhatsApp Manager) gives you two website slots and a description. Set them up like this:

  1. Website 1: your main website.
  2. Website 2: a direct link to your privacy policy.
  3. Business description (optional): a short line if your legal team wants one.

Example to adapt (business description line): "Messaging operated on our behalf by HiJiffy. See our privacy policy for how we handle your data."

This way a guest can open your profile mid-conversation and reach your terms.

Facebook Messenger, Instagram and Telegram

If you connect any of these channels, set up the same transparency there:

  • Facebook Messenger: add your privacy policy URL in your Facebook Page settings, and link to it in the Messenger greeting or persistent menu so it appears at the start of a conversation.
  • Instagram: add your privacy policy link to your profile (for example, the bio or linked website) and reference it in your welcome or auto-reply.
  • Telegram: add a privacy link in your bot's description and "About" (set through BotFather) and include it in the bot's welcome message.

Example to adapt (welcome line for any channel): "You are chatting with [Property name]'s virtual assistant. See how we handle your data: [privacy policy link]."

SMS and email

  • SMS: consent and notice are captured at booking or check-in (see above). Keep each message clear about who is contacting the guest, and include an easy opt-out such as "Reply STOP to opt out."
  • Email: include your privacy policy link and an unsubscribe option in the footer, as standard.

Inside the chat (the consent checkbox)

This is about what happens within the conversation, on any channel, rather than a place to post a link. The assistant follows privacy by design and only asks for consent when it actually needs personal data:

  • Anonymous browsing (general questions, like opening hours): no checkbox needed, since this is covered by your general privacy and cookie policy.
  • Data-collection moment (asking for name, email or phone, or moving the chat to WhatsApp): the assistant shows a privacy checkbox the guest accepts before submitting.

Example to adapt (in-chat consent line): "☐ I agree to [Property name]'s Privacy Policy and to being contacted about my request."

Note: If you use Voice AI, your privacy notice should also mention that voice notes may be processed by the assistant.

Opt-out, made easy

Give guests a simple way out and honour it promptly.

  • On WhatsApp and SMS, guests can reply with your configured keyword (for example, STOP) to stop messages, and they receive a confirmation.
  • On Messenger, Instagram or Telegram, a guest can simply ask to stop, or end the conversation from their side.
  • Guests can also email your privacy address.
  • Register every opt-out in HiJiffy so the relevant messages stop.

Your Knowledge Document

Add a standing instruction so the assistant tells guests how to exercise their rights (see "Guest data requests"). It keeps the process consistent and routes formal requests to you.